Version: v2.18.x LTS
Using encoded slashes
Using encoded slashes
Role: system programmer
By default, the API Mediation Layer accepts encoded slashes in the URL path of the request. If you are onboarding applications which expose endpoints that expect encoded slashes, it is necessary to keep the default configuration. We recommend that you change the property to false
if you do not expect the applications to use the encoded slashes.
Use the following procedure to reject encoded slashes.
- Open the file
zowe.yaml
. - Find or add the property
components.gateway.apiml.service.allowEncodedSlashes
and set the value tofalse
. - Restart Zowe.
Requests with encoded slashes are now rejected by the API Mediation Layer.